Analysis
-
max time kernel
391s -
max time network
390s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
-
submitted
28/02/2025, 16:04
General
-
Target
Screenshot 2025-02-27 7.16.15 PM.png
-
Size
113KB
-
MD5
5c9c2ae01e42fb74dd198e9a9233cb83
-
SHA1
ab1deda77154ec4067198d1939f084b62daf61f3
-
SHA256
504511b22308827894ca20fbd50bbf5dd45345391eb117eace44aacd67c2953f
-
SHA512
7160c5cb3a49b4461907ea8c566fe1519b8005e7cd323550e457e757a418ed096c003fe3f56b80f1584bd8a64909f514642ad6307840ba6b5c2f521711fc3739
-
SSDEEP
3072:fZV+gCgOdAxKhWDqV2Y4leJqMAnzPXiMwL:8nWDu27lgAzPLm
Malware Config
Extracted
danabot
51.178.195.151
51.222.39.81
149.255.35.125
38.68.50.179
51.77.7.204
Signatures
-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Danabot family
-
Danabot x86 payload 1 IoCs
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request 4 IoCs
-
Loads dropped DLL 3 IoCs
-
Drops file in Windows directory 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 16 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 17 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of SetWindowsHookEx 31 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Screenshot 2025-02-27 7.16.15 PM.png"1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff9210cc40,0x7fff9210cc4c,0x7fff9210cc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1900 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2436 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2460 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3184 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3292,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4568 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4716 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4848 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4836 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4900 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4808 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4928,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5168 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5004 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4912,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5260 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5240,i,10586179530148848347,1416523560903488013,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5212 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff90fe46f8,0x7fff90fe4708,0x7fff90fe47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5084 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1456 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,11619002448432600820,7249766365539026469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.exe@7002⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll,f03⤵
- Blocklisted process makes network request
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 4602⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 700 -ip 7001⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.dll2⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:17410 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\DesktopPuzzle.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\DesktopPuzzle.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD54427aa34d462a7c8911d2f4ffb80f59b
SHA190042dcf3e24537a0b75120ca63b44e3e0f6bb01
SHA2567ca4ce2e6a6603679192e325843ae2565fbc20e2e9f16f400a3f8e67974c5c0b
SHA5128b3b41eb3b25fc498129671ca8ddba6562c0ab2e67c0b5753c4706e142ea0a1a253173d40e80db22a45dc183dd424c2c4a0c79ab68e28da81a45cb66554ae585
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
851B
MD507ffbe5f24ca348723ff8c6c488abfb8
SHA16dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA2566895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA5127ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6
-
Filesize
854B
MD54ec1df2da46182103d2ffc3b92d20ca5
SHA1fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA2566c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d
-
Filesize
2KB
MD59228d559389f3ae7dc13ef87147a9d6d
SHA1860f00fadfe475820fdef06c53338a3afa90bf51
SHA2564e58e3d1f2eea8ed5946d30e7b868c29ed32266bbdaaa7c2b28ec62165486aab
SHA5128bc95f79eaf5a04f2692878db788215c33a9e0842f59918dd8fd794ef6f8b6f2f3022b76214dfc284a7e3ae7bef963ae02c4343b3e3008d4f3a45c3c6d58c9bd
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD58681ed114cf7920fc53d1d5bf5a4532c
SHA144bccff76f527395d4542b8e059c16dc24737141
SHA256822d5ac37c17a6a6c620378c682f1257601ac717f4b014dd4ebb492adb9eb4b0
SHA5120927a239e70b5fe1dcd1f1da24b9635cf0d61a2f3a42dbc368472eb24f33693d71c8a09ce27c510a27a77d50cf9310d9e4b2a322dddfd782c7f375c3d0306dfe
-
Filesize
8KB
MD5824c82735e5ac77e8de9fb7e3c411bc8
SHA1bd1781684f8fd4163cd67a3c365ed82e24d9a7c1
SHA256cd1c5d0e066418ad06c22e994b4b173056914d8dc3420c64ff2e13d2266be415
SHA512a96d7ce879c1bfc86ed0d045418ea234d4bdc309daddb7747033a5a5dd727339987676b03ec2491b9373df4e09383c15c5b5a6cfc3f9cbdb4baef6b8de684ccc
-
Filesize
15KB
MD5a9cec3e1c10ac5fe78d9c41dccdc2936
SHA157def9e8094cd4b9eaefbc6716afc27d9f7c1818
SHA2562d593ec4dc7df42f1aa15052c88dd226e50e2688e3933c8c348bcf53e173835b
SHA512f8d053185b6be5b5a9e23ce712e45a9c13114ea15fa01c655ecd943e11bce5da3ba5deb4511e916e4c1b4f1c67b43890f6784739599aa3e35d143ac47c8bc1b2
-
Filesize
72B
MD5f5bb91b594cb0245d461e93aa504c35f
SHA1196780e8e78ae2f6b0fde5f15b600a6918d32726
SHA256430d672f90dfb82618c0298630632b8dfa39e251325ec09f1547f91a3c0ed8ad
SHA512d7f13944e16b3a3593585d1b7e7698a669e9a156e27f7eab08d197d783dba42f5d3b9e2456ca03f4ad109e16d236220b32619bd98ff9b134779f0fdf88cad814
-
Filesize
244KB
MD5e6db9c68c3bd6bce53dfa295bdfca6f9
SHA18dce52759b495b1c9cd7dffe910673be7c12247d
SHA256e2fa15795aad3ddfa0420b3d7986530216a0ab3f2b185427e5b15973dd7f8a82
SHA51224ae7f2901289b17eec0b2b29c49ae4db1414f6275360d8774b4ae74b833f4d83b39992ef0e014bf45fd7d607020ef4fdcfbc5778572a903f8c3be3015580e98
-
Filesize
152B
MD50621e31d12b6e16ab28de3e74462a4ce
SHA10af6f056aff6edbbc961676656d8045cbe1be12b
SHA2561fd3365fdb49f26471ce9e348ce54c9bc7b66230118302b32074029d88fb6030
SHA512bf0aa5b97023e19013d01abd3387d074cdd5b57f98ec4b0241058b39f9255a7bbab296dce8617f3368601a3d751a6a66dc207d8dd3fc1cba9cac5f98e3127f6f
-
Filesize
152B
MD556361f50f0ee63ef0ea7c91d0c8b847a
SHA135227c31259df7a652efb6486b2251c4ee4b43fc
SHA2567660beecfee70d695225795558f521c3fb2b01571c224b373d202760b02055c0
SHA51294582035220d2a78dfea9dd3377bec3f4a1a1c82255b3b74f4e313f56eb2f7b089e36af9fceea9aa83b7c81432622c3c7f900008a1bdb6b1cd12c4073ae4b8a2
-
Filesize
3KB
MD5240caa117d6e753ac0401761960ac98b
SHA141803a5383332448d3267dd8f60391b4d5432815
SHA2560df2c900f5c17d14428022ad46611bcede4a0661912d589d36d961d26893d9d1
SHA512940ca4b433e07edf963c8d3b5fd703a897d9997256bb3147868c3c480bd2612a0ead7a506d3f1d8eff2249af470df68bd585bce3cd122d125669ee0c941b21b5
-
Filesize
865B
MD5eda04d6d3491a6f307bb4a9acc5f9a31
SHA1c5125d62f0b8a5ce265354b4abb45ce609a0b920
SHA256753df09ddbca1df76870ed93cad471c5a479463cabd29804c48a7278ab776adf
SHA512f9561e1cf1803a2ab2da9db0a848e39ce2772a3d62f4b1b7661e8f74e3a31b91dafe5f035253ae652e05aa2d2f43a39b9955ac1b2510dad0630e9c6ad5b6aba7
-
Filesize
7KB
MD5a610b52b6998b5096c5d5647c537d996
SHA1ea6a4a92c59caf6517ae1afff1fbc46a4795e1ec
SHA25615153a36503dfc5d902321778e5f905ead86e7be28473065747332245537a806
SHA5121373461ccd9a9ff6d5a52efd7034580c73c7936a34c7a252dac036838fd921cc324759902b06592a99957110d7c86dba540ffe7b63feb27dabfedd12b7c6d44c
-
Filesize
5KB
MD50182b315ef027ffce96c363f6bf14b89
SHA1ff35690311ec97dda2f8a1e63d5a0f5f33ca1fbe
SHA256806023c3b4770a35c5452fa5bfb18ec8e23026d6cee5e045489176b43a972608
SHA5127818e16fecc93e619c12c92e6908f162ed091ada0206e61aa2b34057648b876b396814566e57ff82f7f1527f98fa7ee55ae56c514baad79538f3b015bb79b8ad
-
Filesize
6KB
MD5ff101d09a4600f4a61781ef299d40cb3
SHA1af70061e848fd26cb94f80b2587b49edf59ac27a
SHA256214f189fea9e27103d7fd8758accecc244f6add6306dcab9e3f9eb6dafb37027
SHA51225763a6f8aaea09fa291843a463566daa7a817321c6552b5a48ba9634b5ae97ed8dcf6f7377330121daa5878f2fe30cadfd0f3077f2e6cb2b98d20a916c60304
-
Filesize
6KB
MD53c788b194c5fca2e58fc765738fc4b25
SHA1f5fb6fb7de2cf0fee64166cfa87f35c4255ce4fb
SHA256c9bbfe540d856bd44b28629e5895a7f28fc0fdbafd5111a1c4859dd1a328974e
SHA5124d133c946197fa13ffbcc5c6ebef6f711f31dfd5f1f3f54a6fc312dee496cdea709bd91581f99dab7b9d3554cd9922d46609081dfc20799859e0e0f7084216fd
-
Filesize
1KB
MD537858ed6df2cb66fa1dff9a8cc3a8fe5
SHA1b0caa63e44035f5a70048a214feafac8c96a3794
SHA256106fa22bffac7cefa5fbd351f21aebe3984d03b48aec93b74f5f4a8dd311d0bc
SHA51284eecbfa5b89e385ae84a5c9785f7eb1b1f3304b849bfb9779ba8aa96f51f43c3a28af12f87d31b54bca1e0e88edf95248d630a4f1420073be402568785bc777
-
Filesize
1KB
MD56eabefb875a4c52d15ddec2542bdb522
SHA1e417018a9ccd6b56e02e3ab1b33ae569d38698bb
SHA256e23d7b473f96036b30373804eea363e9e22cffadf26214300e71d59d921238c5
SHA51287eca25b60488bdd941481a744be3a27770965905e7db0fa43a21d446d54ff6b381ca97138955be8185de71d697c9afa1c987dbf43374f3d2c79554946d37c79
-
Filesize
1KB
MD5c9be965a2ad194795f9fd70f68abca00
SHA172fe06f887962b8eb970f67c5b8c73303f6eadfa
SHA25651b07c6b241f3c1302062d2c01f48423c7cb78a22ce52298c330f3114f8138e0
SHA51225d0f4337e2557fce62cdaf03137f381dcaa04131479dfce8d98b62ee12e868a49799952ee12f41d022bf589dc7481482f446ae475419beaf287c2f4776cdd05
-
Filesize
1KB
MD5372938a1a99773338ea0e6e9e1b3a3b6
SHA1936b109ce5912e4f396949ab04edee6fe4e14436
SHA256b61daa5fa7f8812df2fa4402ea837fd1da9f7c48ecde7916828dfd4701e09098
SHA512b2f42e9fe7504386eb87f9f3e0584c57ec88654a94dada89525c7f942d18781392df9628f37d45e90738c62c32c13ba2cb649b3b5edf2cd54ab65108059d424b
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD5912be515aa8ac4c24d8010956f8f0d7f
SHA17afd97db1d3f3b52173d8df17f3839a95a2b608d
SHA256964313c6177738d7a6502c5417eac04ad8fcf19f8ec8a0d3bbb74f3b40c7b02d
SHA512aaaab8eccb04c66b2668fbd1e9f8dc50ee51f6c8f1722b4c9c8d7608271acf7850e36d99e15e2005315e3742c3b5285e1845389f641bdc38aaf84a9bdb3b5d06
-
Filesize
11KB
MD5c54ad21c071cbf8dc147acc40dd36602
SHA173a76c4b3cf192f4edf09bca52be84c49d2577b4
SHA2564e2b427c1252da9a3cfa379a157c53c75696a6a21c1bbc625563fdfc17915b7c
SHA51235237ce44ea7ccfb4c73a44b5abacc1cb93f82bb299bc8d33c20aa89b0bcdd319080e47d585a4e65fc126352a162c4daea03a053d860797ef151911b6f370978
-
Filesize
150KB
MD5eae462c55eba847a1a8b58e58976b253
SHA14d7c9d59d6ae64eb852bd60b48c161125c820673
SHA256ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad
SHA512494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3
-
Filesize
711B
MD5558659936250e03cc14b60ebf648aa09
SHA132f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA2562445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA5121632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727
-
Filesize
2.4MB
MD57e76f7a5c55a5bc5f5e2d7a9e886782b
SHA1fc500153dba682e53776bef53123086f00c0e041
SHA256abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3
SHA5120318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24
-
Filesize
6.7MB
-
Filesize
260KB
-
Filesize
260KB
-
Filesize
260KB
-
Filesize
260KB
-
Filesize
260KB
-
Filesize
2.4MB
-
Filesize
2.4MB
-
Filesize
2.4MB